Renko Posted February 20, 2018
Yes, you heard that right: Flight Sim Labs has been putting malware in its installer. Here is the news story for more details: https://www.rockpapershotgun.com/2018/02/20/we-were-after-one-guy-say-malware-flight-simmers/ Apparently it was called test.exe and what it did was collect all the passwords and usernames stored in Chrome. According to them it only activated if a pirated copy was installed, but who knows. Yesterday they were talking about wanting to "catch" the pirates, and today they are talking about "catching" one specific person. Apparently they have already removed it, but what they have done is something very illegal. More so than what they were trying to stop. Also, apparently the encryption used to send that data from the malware to them is very weak. So who knows whether some of that data ended up in the wrong hands. I have not bought their software, but if after paying almost 100€ I found out they were slipping me malware, I would think about what to do legally. I'm leaving this here because I imagine some of you have it, and you may even have or have had the "test.exe".
Winglet Posted February 20, 2018
More info here... what a mess: https://medium.com/@lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4d23368
amalahama Posted February 20, 2018
#FSLabgate Regards!
Zaz0 Posted February 20, 2018
Oh my goodness..... thanks for the info
amalahama Posted February 21, 2018
#FSLabsgate is going viral. I feel bad because it's FSLabs, and even more so when they made quality products, but they have screwed up so badly that they could even face pretty heavy prison sentences. On 4chan some people have already filed the odd complaint through the courts. Regards!
Renko (Author) Posted February 21, 2018 (edited)
Wow, the complaints have already started. I'm not surprised. It reminds me of this meme. They tried to "stop" piracy by doing something extremely stupid, and above all very illegal. In other words, they have dealt themselves the "finishing blow", because if lawsuits start landing on them (especially in the US), goodbye to that company. P.S.: If I owned that product I would demand a refund of the purchase price. I imagine that with such an illegal practice they have breached the EULA, as well as consumer trust. EDIT: It looks worse and worse. Look at this article from a security company if you want to see something in depth: https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/ It beggars belief. Note things like this from October of last year, said by a member of FSLabs. They were telling people to disable their antivirus to install their product..... good grief. KEEP in mind the risk to your security that comes with having installed this product, even legally. See this post on reddit: https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/ And specifically this:
"I work in InfoSec for a large company as a Security Architect I am involved with Incident Response First, this is illegal in many countries and states. They cannot distribute malware knowingly. Second, for the misguided who are buying the line that it is only pirated serial numbers that are affected. Every system that downloaded and ran the file should now be considered compromised. At my company, if this was done, those systems would be isolated, investigated and reimaged. Nobody can guarantee how the malware behaves that they installed. It very well could have left a ghost somewhere or when it is used could send the data via means the company could not detect.
I seriously doubt they would look at DNS exfil or even know what it is. There is also the possibility some developer of another program dropped malware and stole your license number and now your copy is blacklisted. The data they exfiled is PII and there are lots of issues with taking it off a system. Was it transmitted in the clear? How are they storing the stolen data they pulled? What if they are compromised? How are they using the data? Have they shared the data? If so, how did they transmit the data and how is it stored? There are legal issues as well. They acknowledged they stole PII from users. This is illegal. Any data obtained through those methods are also not admissible in court. They are also open to being fined by, at the very least, the EU and the UK. For those legitimate users who say they have nothing to hide or worry about. You should be extremely worried. This company has done something very unethical and illegal. When they were caught doing it, they denied it initially, then they said they did it to fight piracy and, Oh, trust them, they don't execute it on legitimate customers. The issue with that is they already ruined that trust by putting malware on your system. You cannot trust this company when they say they do not run test.exe on legitimate copies. If you have had this installer executed on your system, it is my professional opinion you should reimage your system and change any passwords stored in Chrome. Also, use a password manager and do not store passwords in Chrome. Edit: More on the company trust. Keep in mind what they did is very unethical and illegal. In the coming weeks, they will be doing and saying anything to save their company. They are going to be assailed on multiple fronts with various agencies, Attorneys General, countries, and individuals investigating, prosecuting, and/or litigating. 
Edit2: This has blown up, as it should, but if you read the posts on the forums for FSL that they did not delete, the lack of awareness is absurd. Also, the data was exfiled with unencrypted transmission and the data was not encrypted either. To make matters worse, the target server is not behind a firewall and has RDP open to the world."
Edited February 21, 2018 by Hayha
Ce_zeta Posted February 21, 2018
Good heavens. They do make good products, and they go overboard on price, but well, everyone puts whatever price they want on their work. Lefteris and co. had already shown some slightly odd ways...but this is unheard of! You buy their products at an above-market price and on top of that they slip you malware!!!!!!!! Now, this is being truly shameless.